Field
The present inventions relate generally to cloud computing and, more specifically, to systems and methods relating to improved security in cloud computing environments.
Description of Related Art
Cloud computing services may be offered at various layers of the software stack. At lower layers, Infrastructure as a Service (IaaS) systems allow users to have access to entire virtual machines (VMs) hosted by the provider, and the users are responsible for providing the entire software stack running inside a VM. At higher layers, Software as a Service (SaaS) systems offer online applications that can be directly executed by the users.
Despite its advantages, cloud computing raises security concerns because users have limited means to ensure the confidentiality, integrity, and location of their data and computation resources. Users of cloud computing resources are particularly blind to the location of their data and computing resources, which in many cases must, by law, reside in a specific physical geographical location.
In order to increase the security and trust associated with communications to a given computer platform, Hardware Security Modules (HSMs) have been used to enable the construction of trusted platforms. An HSM is a coprocessor that is typically affixed to a computer's motherboard. It can create and store cryptographic keys and other sensitive data in its shielded memory and provides ways for platform software to use those services to achieve security goals. A popular HSM in use today is the Trusted Platform Module (TPM) as specified by the Trusted Computing Group.
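As an added illustration (not part of the patent text), the following Python model shows one way platform software uses a TPM-style HSM's services to build a trusted platform: boot-stage measurements are accumulated in registers inside the coprocessor, a secret is sealed to that measured state, and the secret is released only when the same measurements are reproduced. The class SimulatedTpm, the measured_boot helper and the boot image names are constructed assumptions for this example, not the TPM 2.0 API.

```python
import hashlib

class SimulatedTpm:
    """Constructed model of a TPM-style HSM (not the TPM 2.0 API): secrets stay inside."""
    def __init__(self):
        self._sealed = {}  # handle -> (pcr indexes, policy digest, secret)
        self.reboot()

    def reboot(self):
        # Platform Configuration Registers reset to zero on every power cycle.
        self.pcrs = [bytes(32)] * 8

    def extend(self, index, measurement):
        # PCR_new = SHA-256(PCR_old || SHA-256(measurement)): one-way and
        # order-dependent, so one PCR value summarises the whole boot history.
        digest = hashlib.sha256(measurement).digest()
        self.pcrs[index] = hashlib.sha256(self.pcrs[index] + digest).digest()

    def _policy(self, pcr_indexes):
        return hashlib.sha256(b"".join(self.pcrs[i] for i in pcr_indexes)).digest()

    def seal(self, secret, pcr_indexes):
        # Bind a secret to the current measured state; hand back an opaque handle.
        handle = len(self._sealed)
        self._sealed[handle] = (tuple(pcr_indexes), self._policy(pcr_indexes), secret)
        return handle

    def unseal(self, handle):
        # Release the secret only if the platform is in the same measured state.
        pcr_indexes, policy, secret = self._sealed[handle]
        return secret if self._policy(pcr_indexes) == policy else None

def measured_boot(tpm, images):
    # Power-cycle, then extend PCR 0 with each boot-stage image in load order.
    tpm.reboot()
    for image in images:
        tpm.extend(0, image)

def demo():
    trusted = [b"firmware-v1", b"bootloader-v1", b"kernel-v1"]  # constructed sample
    tpm = SimulatedTpm()
    measured_boot(tpm, trusted)
    handle = tpm.seal(b"disk-encryption-key", [0])
    measured_boot(tpm, trusted)          # same stack again -> key released
    same_stack = tpm.unseal(handle)
    measured_boot(tpm, trusted[:2] + [b"kernel-evil"])  # one stage changed -> withheld
    changed_stack = tpm.unseal(handle)
    measured_boot(tpm, trusted[::-1])    # same images, wrong order -> withheld
    reordered = tpm.unseal(handle)
    return same_stack, changed_stack, reordered
```

A real TPM additionally signs ("quotes") its PCR values with a key that never leaves the chip, which is what lets a remote party verify the platform's state rather than trusting the host's own report.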